Jump to content


Photo

successfully blocked access to a potentially malicious website


  • This topic is locked This topic is locked
6 replies to this topic

#1 psears

psears

    New Member

  • Members
  • Pip
  • 2 posts

Posted 26 July 2010 - 11:02 AM

Hi, I have been rolling out a group of registered version MalwareBytes installs. Several of the machines are popping up messages stating "successfully blocked access to a potentially malicious website" with an IP address. This is while no web browsers are running. I have not had any success in finding out what is trying to go out from these machines. Here is a list of IPs that have been blocked so far. They all seem to be in China.

59.53.92.229
61.147.120.209
117.135.131.16
121.8.251.5
121.9.221.159
122.224.54.76
205.209.161.102
208.73.210.28
210.51.180.222
217.23.9.158
222.189.238.166
222.76.211.62
222.76.212.202

I added Zone Alarm to one computer in hopes the firewall logs would show a process trying to get out to one of these IPs but MB has not logged an attempt since the addition of the extra firewall.

Please advise!

thanks

#2 Wide Glide

Wide Glide

    Just a pebble in the stream

  • Spam Hunters
  • PipPipPipPipPipPip
  • 1,532 posts
  • Gender:Male
  • Location:Louisiana, USA

Posted 26 July 2010 - 11:21 AM

Hello psears and :)

If you're a Corporate or Technician Licensed customer seeking assistance please send an email to corporate-support@malwarebytes.org. Please quote your order reference number when you send the request.

Thanks :)

Vista HP 64bit 7Mtxr.png


#3 SailorRipley

SailorRipley

    New Member

  • Members
  • Pip
  • 1 posts

Posted 30 July 2010 - 06:16 PM

Hello psears and B)

If you're a Corporate or Technician Licensed customer seeking assistance please send an email to corporate-support@malwarebytes.org. Please quote your order reference number when you send the request.

Thanks :lol:


I'm just a regular licensed user that has the same pop-up of a blocked site: 94.75.229.139 Is there a way to find out what this is? Is it something I should try to get rid of?

#4 Wide Glide

Wide Glide

    Just a pebble in the stream

  • Spam Hunters
  • PipPipPipPipPipPip
  • 1,532 posts
  • Gender:Male
  • Location:Louisiana, USA

Posted 30 July 2010 - 06:28 PM

Hello SailorRipley and Welcome to malwarebytes.org

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address. If this notice was presented when you were not actually doing anything on the machine, then I suggest having your computer looked at.

I got an alert and I wasn't even surfing, how's does that happen?
There are many applications on your system which have access to the Net and any of these can trigger an IP alert with no browser open. Most common offenders are P2P applications and IM clients, usually an ad will trigger an alert. An advanced or premium firewall will be able to give you a list of programs which can access the Net.
Read more of the facts HERE

NOTE: If you have any of these programs installed, suggest uninstalling them and then run a Quick scan with Mbam.
Please post back if you have any problems. Thanks

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or HERE

Vista HP 64bit 7Mtxr.png


#5 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 30 July 2010 - 06:32 PM

Hi Sailor - (Always wanted to say that) -
Please fully read the FAQ , Section G as listed by Wide Glide first -
Please post back if you have further questions or problems -

Thank you -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#6 TeMerc

TeMerc

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 2,019 posts
  • Gender:Male
  • Location:Phx. AZ. USA
  • Interests:Formula 1 Auto Racing, Computer Security, Entertainment, Sci-Fi, SuperHeroes

Posted 30 July 2010 - 06:53 PM

I'm just a regular licensed user that has the same pop-up of a blocked site: 94.75.229.139 Is there a way to find out what this is? Is it something I should try to get rid of?

If that's true why would you be 'rolling out a group of Malwarebytes' installs'? That type of language is not used by 'regular' users.
Tom Mercado
Product Support Team Lead

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 30 July 2010 - 07:07 PM

User is being assisted by Corporate Support. I will close this post now.

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users